CVE-2023-41265
CVSS 3.1 Score 9.9 of 10 (high)
Details
Summary
CVE-2023-41265 is a newly identified vulnerability affecting Qlik Sense Enterprise for Windows. It allows remote attackers to exploit an HTTP Request Tunneling flaw, present in versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier. Attackers can leverage this issue to tunnel HTTP requests in raw format, thereby tricking the backend server into executing their malicious commands. This can ultimately lead to privilege escalation. Affected users are advised to apply patches August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13, which address this vulnerability.
Affected Products
- Qlik Sense
Affected Vendors
- Qlik Technologies